Security bank Cross-Site Scripting (XSS) Security / 6 questions Your progress 0 / 6 done Saved in this browser. Reset All 6 Medium 4 Hard 2 Hide done No questions match those filters. 1 What is XSS, and what are the stored, reflected, and DOM-based variants? Medium 2 Why is `innerHTML` with user input dangerous, and what's the safe alternative? Medium 3 How does React protect against XSS by default, and how does `dangerouslySetInnerHTML` reopen it? Medium 4 What is output encoding, and why must it be context-aware (HTML vs attribute vs URL vs JS)? Hard 5 What is DOM-based XSS, and why can it happen even with a 'safe' server? Hard 6 How does a library like DOMPurify help, and what are its limits? Medium Next → CSRF & Request Forgery